GCHQ chief reports 'disturbing' cyber-attacks on UK

The UK says cyber crime is as serious a threat as international terrorism

Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency.

Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said.

China and Russia are thought to be among the worst culprits involved in cyber attacks.

On Tuesday, the government hosts a two-day conference on the issue.

Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyberwarfare seriously enough.

It aims to bring together political leaders, such as US Secretary of State Hillary Clinton and EU digital supremo Neelie Kroes, with leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales and Cisco vice-president Brad Boston.

Analysis

By Gordon CoreraSecurity correspondent, BBC News

The threats from cyberspace are growing increasingly complex and sophisticated.

They range from cybercriminals seeking to steal credit cards to groups of hackers seeking to cause trouble. Equally, it can involve states seeking to steal secrets or even carry out attacks, as happened on Iran's nuclear programme with the Stuxnet virus.

The overlap between these groups - with states sometimes subcontracting work out to criminal networks - only increases the problems of working out who is behind any attack.

Governments have been struggling to keep pace with what is taking place and London is playing host to a major conference on the subject starting Tuesday with delegates invited from around the world.

Part of the aim of the meeting is to seek ways of making cyberspace more secure.

Baroness Pauline Neville Jones, the prime minister's special representative to business on cybersecurity, said Russia and China were some of the worst culprits involved in cyber-attacks.

"It's damaging in the end to try and play both sides," she said.

"If you are a company that comes from a country like China you can suffer if in the end people believe it's threatening to employ your products."

Writing in the Times, Mr Lobban said: "The volume of e-crime and attacks on government and industry systems continues to be disturbing".

"I can attest to attempts to steal British ideas and designs - in the IT, technology, defence, engineering and energy sectors, as well as other industries - to gain commercial advantage or to profit from secret knowledge of contractual arrangements.

"Such intellectual property theft doesn't just cost the companies concerned; it represents an attack on the UK's continued economic wellbeing."

Mr Lobban added that government online taxation and benefits services could be targeted in future, and said a black economy had already developed which saw UK citizens' credit card details offered for sale.

'Rich pickings'

The Ministry of Defence foiled more than 1,000 cyber-attacks in the last year from criminals and foreign intelligence services.

The Foreign Secretary William Hague revealed in February that computers belonging to the government had been infected with the "Zeus" computer virus, after users opened an e-mail purporting to come from the White House and followed a link.

He said cyberspace was providing "rich pickings", with UK defence contractors also being targeted.

In January, three Foreign Office staff were sent an e-mail apparently from another colleague in the Foreign Office.

In fact, Mr Hague said, the e-mail was "from a hostile state intelligence agency" and contained "code embedded in the attached document that would have attacked their machine."

'Unacceptably' high risk

But the government has been criticised for failing to take a strong lead in protecting critical systems such as power and water from cyberattack.

The vast majority of critical infrastructure in the UK is privately owned.

A leading think tank, Chatham House, has said there is a reluctance by government to share information with the private companies that might be targeted.

It also criticised those same companies for putting up with an "unacceptably high level of risk".

Professor Peter Somer - a cybersecurity expert at the London School of Economics - said it may be necessary to force major infrastructure companies to invest in protecting themselves against cyber attack.

"We may need to get to the point where we say .... you have to have a licence and a condition of the licence is going to be having adequate protection and having contingency plans. They are not going to like it."

The government says it ranks cybersecurity as a top priority.

Last year it announced £650m of additional funding to help tackle computer-based threats.

Around £130m, or 20%, is specifically earmarked for critical infrastructure projects.